HowTo Encrypt Config File (not app.config or web.config)

Topics: Data Access Application Block
Apr 24, 2007 at 12:23 AM
Hi Guys,

Using 2.0 EntLib. For maintainability we store all our data configuration connection strings in a seperate config file (say data.config). And use the File Configuration Source to point to this file. I obviously want to encrypt all the connection strings in our data.config. It looks like aspnet_reg.. only encrypts web/app.config files.

Can someone point us in the direction of how to encrypt/decrypt a seperate config file.

Many Thanks,
Apr 24, 2007 at 2:22 PM
This a great reason to move to Enterprise Library 3.0. The new configuration tool allows you to encrypt and decrypt configuration sections by the simple click of a drop-down:

Enterprise Library 3.0 Visual Studio-Integrated Configuration Editor

I understand if this isn't feasible, of course :)

Is it possible to just temporarily rename you configuration file to app.config or web.config to encrypt and then rename it back?

If not, you can programmatically encrypt sections that I talk about here:

Encrypt Connection Strings AppSettings and Web.Config in ASP.NET 2.0 - Security Best Practices

Encrypt ConnectionStrings in App.config

Although the posts talk about App.config / Web.config, it really doesn't matter as to the name of the configuration file.




David Hayden
Microsoft MVP C#
May 9, 2007 at 3:58 AM
Thanks David, we've gone ahead and upgraded and is very nice and easy!